package cn.pet.service.manage.auth.config;

import cn.pet.service.manage.auth.*;
import cn.pet.service.manage.service.PetUserService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        prePostEnabled = true,
        securedEnabled = true,
        jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    final JWTUtil jwtUtil;

    final PetUserService petUserService;

    final LogoutSuccessHandlerImpl logoutSuccessHandler;


    public SecurityConfig(JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint, JWTUtil jwtUtil, PetUserService petUserService, LogoutSuccessHandlerImpl logoutSuccessHandler) {
        this.jwtAuthenticationEntryPoint = jwtAuthenticationEntryPoint;
        this.jwtUtil = jwtUtil;
        this.petUserService = petUserService;
        this.logoutSuccessHandler = logoutSuccessHandler;
    }

    @Bean
    public MyAuthenticationProvider authenticationProvider(){
        return new MyAuthenticationProvider(passwordEncoder(), jwtUtil, petUserService);
    }
//
    @Bean
    public JwtRequestFilter jwtRequestFilter(){
        return new JwtRequestFilter(jwtUtil, authenticationProvider());
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // We don't need CSRF for this example
//        "/manage/petUser/**",
//                "/manage/employee/**",
//                "/manage/member/**","/**",
        http.cors().and().csrf().disable()
                // dont authenticate this particular request
                .authorizeRequests().antMatchers("/*.html", "/favicon.ico", "/css/**", "/js/**", "/fonts/**", "/layui/**", "/img/**",
                        "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**", "/pages/**", "/druid/**",
                        "/statics/**",
                        "/login",
                        "/register",
                        "/inspectionTask/interfaceValidation",
                        "/cickpOperatorController/register",
                        "/systemConfigInfo/getConfigInfo",
                        "/loginController/security/login",
                        "/auth/security/login","/**").permitAll().
                // all other requests need to be authenticated
                        anyRequest().authenticated().and().
                // make sure we use stateless session; session won't be used to
                // store user's state.
                        exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement()
                // 基于token，所以不需要session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        //退出登录处理--退出操作清除cookie和session
        http.logout().logoutUrl("/auth/security/logout").logoutSuccessHandler(logoutSuccessHandler).deleteCookies().invalidateHttpSession(true);

        // Add a filter to validate the tokens with every request
        http.addFilterBefore(jwtRequestFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}
